Chapter 3. Enhancements

When using Multus with piecewise CIDRs, multiple address ranges that were added to Rook can be specified manually. This helps to overcome the limitation with the auto-detection that finds only a single CIDR in environments with piecewise CIDRs, which fail to start or fault to connect to the network.

For more information, see Multus network address space sizing.

Enabling key rotation for encryption keys of cluster-wide KMS is now supported. This helps to meet the common security practices requirement.

For more information, see Cluster-wide encryption.

Key Rotation for PV encryption, which is enabled by default, can be disabled for certain persistent volume claims (PVCs).

For more information, see Disabling key rotation.

ReclaimSpace is enabled by default through a StorageClass or Namespace annotation. Reclaim space for certain persistent volume claims (PVCs) can be disabled as the process of reclaiming space (fstrim) can impact performance.

For more information, Disabling reclaim space for a specific PersistentVolumeClaim.

In-transit encryption can be enabled or disabled for existing clusters after the deployment. This encrypts the communication within the cluster for existing clusters.

For more information, see Enabling and disabling encryption in-transit post deployment.

OpenShift Data Foundation dashboard provides information about the encryption configuration such as the different status of the encryption at rest and encryption in transit.

The MDSCPUUsageHigh alert is updated to notify vertical and horizontal scaling based on the CPU usage.

For more information, see CephMdsCpuUsageHigh.

A new parameter, spec.nfs.LogLevel, is added to the StorageCluster CR. This log level parameter enables configuring the log level for NFS that provides greater flexibility and control over the logging behavior. This helps to set precise log settings for debugging and monitoring purposes.

MCG operator supports a new AWS region, ap-southeast-5.